Understanding the LDAP Directory
This Lab provides a ready-to-use LDAP server that is accessible at ldap.ca-lab.private within the Lab's VPC. You will use the existing organization directory to authenticate users in HashiCorp Vault later in this Lab. The server is an EC2 instance running OpenLDAP, but any other LDAP service could be used in its place, such as Microsoft's Active Directory or AWS Directory Service. The simulated organization directory that is accessed over LDAP is depicted in the following directory tree diagram:
The directory schema is based on internet domain naming. The top-level domain component (dc) entry of private indicates that the directory exists only for the purpose of this Lab. In practice, the top-level dc entry would typically be com or net. For simplicity, the ca-lab organization (o) is arranged in a single organizational unit (ou) called Users. There are two users with common names (cn) of Jeremy Cook and Logan Rakai. Jeremy is a member of the Engineering group, and Logan is a member of the Research group.
The remainder of this Lab Step will confirm the directory is available, and matches what is displayed in the above image.
1. In the Cloud9 terminal, install the openldap-clients package, which includes the ldapsearch command-line tool:
sudo yum install -y openldap-clients
2. Run the following ldapsearch query to list the entries in the ca-lab.private organization's directory:
ldapsearch -H ldap://ldap.ca-lab.private -x -LLL -b dc=ca-lab,dc=private
The -x flag performs a simple bind, here with no credentials (an anonymous bind), -LLL prints the results as plain LDIF without comments or version lines, and -b sets the search base to the root of the directory. Note that ldap:// carries the whole exchange in cleartext; if the server was configured with LDAP over SSL, you would use ldaps:// for the host protocol instead of ldap:// (or add -ZZ to require StartTLS on the plain port), which matters as soon as a bind password or sensitive attributes are involved. Take a minute to confirm the information matches what you expect based on the provided directory tree diagram. You can see additional information in the entries, such as the user IDs (uid) of Jeremy and Logan, which are jcook and lrakai respectively.
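Confirming the directory by eye works for two users, but the same check can be scripted against the LDIF that ldapsearch -LLL prints. The following is an added example, not part of the Lab: it parses LDIF (including base64 "::" values and folded continuation lines), resolves group membership, and reports any difference from the expected tree. The sample LDIF is constructed to match the directory described above; the objectClass values and the use of groupOfNames with a member attribute are assumptions, since the Lab's real server might use posixGroup with memberUid instead.

```python
"""Check ldapsearch LDIF output against the expected ca-lab.private tree.

Added example (not the Lab's own code). SAMPLE_LDIF is constructed to match
the directory described in the text; objectClass choices and the
groupOfNames/member attributes are assumptions about the real server.
"""
import base64
import sys

# Constructed sample of what `ldapsearch -LLL -b dc=ca-lab,dc=private` might
# return. One value is base64-encoded ("cn::") to exercise that code path.
SAMPLE_LDIF = """\
dn: dc=ca-lab,dc=private
objectClass: dcObject
objectClass: organization
dc: ca-lab
o: ca-lab

dn: ou=Users,dc=ca-lab,dc=private
objectClass: organizationalUnit
ou: Users

dn: cn=Jeremy Cook,ou=Users,dc=ca-lab,dc=private
objectClass: inetOrgPerson
cn: Jeremy Cook
sn: Cook
uid: jcook

dn: cn=Logan Rakai,ou=Users,dc=ca-lab,dc=private
objectClass: inetOrgPerson
cn:: TG9nYW4gUmFrYWk=
sn: Rakai
uid: lrakai

dn: cn=Engineering,ou=Users,dc=ca-lab,dc=private
objectClass: groupOfNames
cn: Engineering
member: cn=Jeremy Cook,ou=Users,dc=ca-lab,dc=private

dn: cn=Research,ou=Users,dc=ca-lab,dc=private
objectClass: groupOfNames
cn: Research
member: cn=Logan Rakai,ou=Users,dc=ca-lab,dc=private
"""

# Expected shape of the Lab directory, taken from the text above.
EXPECTED = {
    "base": "dc=ca-lab,dc=private",
    "users_ou": "ou=Users,dc=ca-lab,dc=private",
    "membership": {"jcook": ["Engineering"], "lrakai": ["Research"]},
}


def normalize_dn(dn):
    """Case-fold and strip spaces around RDN separators so a member DN
    matches an entry DN even if the server formats them differently."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text):
    """Return a list of (dn, {attribute: [values]}) parsed from LDIF text.
    Handles 'attr:: base64' values and continuation lines (leading space)."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:   # folded line: append to previous
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, current = [], None
    for line in logical + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name == "dn":
            current = (value, {})
        elif current is None:
            raise ValueError("attribute before dn: " + line)
        else:
            current[1].setdefault(name, []).append(value)
    return entries


def group_membership(entries):
    """Map each uid to the sorted group names whose member DNs point at it."""
    dn_to_uid = {normalize_dn(dn): a["uid"][0] for dn, a in entries if "uid" in a}
    membership = {uid: [] for uid in dn_to_uid.values()}
    for _, attrs in entries:
        if "groupOfNames" in attrs.get("objectClass", []):
            for member_dn in attrs.get("member", []):
                uid = dn_to_uid.get(normalize_dn(member_dn))
                if uid:
                    membership[uid].append(attrs["cn"][0])
    return {uid: sorted(groups) for uid, groups in membership.items()}


def check_directory(text, expected=EXPECTED):
    """Return a list of mismatches between the LDIF and the expected tree
    (empty list means the directory matches)."""
    entries = parse_ldif(text)
    present = {normalize_dn(dn) for dn, _ in entries}
    problems = []
    for key in ("base", "users_ou"):
        if normalize_dn(expected[key]) not in present:
            problems.append(f"missing entry {expected[key]}")
    actual = group_membership(entries)
    for uid, groups in expected["membership"].items():
        if actual.get(uid) != groups:
            problems.append(f"{uid}: expected groups {groups}, found {actual.get(uid)}")
    return problems


if __name__ == "__main__":
    # Pipe real output in: ldapsearch -H ldap://ldap.ca-lab.private -x -LLL \
    #   -b dc=ca-lab,dc=private | python3 check_dir.py   (otherwise uses the sample)
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LDIF
    issues = check_directory(data)
    print("directory matches expected tree" if not issues else "\n".join(issues))
```

Because the check resolves member DNs back to uid values rather than trusting group names alone, a group whose member attribute points at a DN that does not exist shows up as a missing membership instead of silently passing, which is the kind of drift you want to catch before wiring the directory into Vault.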
In this Lab Step, you learned about the LDAP directory structure that the Cloud Academy Lab environment has created. You confirmed the directory is accessible at ldap.ca-lab.private from within the Lab VPC.